enterprise distribution of iOS app without private key

Using Xcode 10...


After Archiving the app and selecting "Distribute App," one can select "Enterprise" to distribute the app to the organization.


The next dialog asks about App Thinning (All compatible device variants is selected) and including a manifest for over-the-air-installation (not checked).


The next dialog allows one to Automatically manage signing.


At that point, a dialog appears that complains about missing the private key for the iOS Enterprise Distribution certificate.


It is generally a bad idea to pass around an original private key. Is it possible to generate a certificate to sign the app with for enterprise distribution that is derived from the original private key, but does not require the original private key to be on the machine? (hopefully that makes sense) If so, how?

Up vote post of MrLinear Down vote post of MrLinear
872 views
Posted by
MrLinear
Reply
Add a Comment

Replies

No, not possible - that's a good thing, as it it is generally a bad idea to consider generating an otherwise verifiably valid distribution certificate without involving the required matching key. Suggest you work with the process from a point of trust, not fear.


If you feel you have a legitimate use case that reasonably demonstrates risk and/or a need for ala cart signing/distribution, feel free to file bugs against the process using the report bugs link below, adding your report # to your thread for reference, thanks and good luck.

Posted by
KMT
Up vote reply of KMT Down vote reply of KMT
Add a Comment